Lucene search
K

187 matches found

BDU FSTEC
BDU FSTEC
added 2020/04/06 12:0 a.m.9 views

The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex allows a perpetrator to upload a malicious file to the server.

The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to upload a malicious file to the server remotely...

7.5CVSS5.5AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2020/01/23 12:0 a.m.10 views

PT-2020-7942

Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 1.4.3 Description: The issue allows an attacker to execute arbitrary Javascript due to the lack of recursive sanitization of input in affected versions of sanitize-html. Recommendations: Update to version 1.4.3...

6.1CVSS6.5AI score0.0084EPSS
Exploits0References10
OSV
OSV
added 2019/06/06 4:29 p.m.2 views

CVE-2019-7552

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section...

5.4CVSS5.8AI score0.00707EPSS
Exploits1References2
OSV
OSV
added 2019/02/01 6:29 p.m.6 views

CVE-2018-16480

A XSS vulnerability was found in module public 0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...

6.1CVSS5.8AI score0.00769EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2017/05/09 5:13 p.m.4 views

business-central: Multiple stored XSS in task and process filters

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...

6.1CVSS5.8AI score0.01295EPSS
Exploits0References4
OSV
OSV
added 2010/01/13 8:30 p.m.3 views

UBUNTU-CVE-2009-4490

minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

5CVSS7.6AI score0.1027EPSS
Exploits2References2
Prion
Prion
added 2006/02/13 11:6 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...

3.5CVSS6.5AI score0.01109EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder